@hahnpro/hpc-api 3.4.2 → 3.5.0

package/dist/api.d.ts

@@ -15,6 +15,7 @@ import { FlowFunctionService } from './flow-function.service';
 import { FlowModuleService } from './flow-module.service';
 import { FlowDeploymentService } from './flow-deployment.service';
 import { LabelService } from './label.service';
+import { VaultService } from './vault.service';
 export declare class API {
     httpClient: HttpClient;
     assets: AssetService;
@@ -32,6 +33,7 @@ export declare class API {
     tasks: TaskService;
     timeSeries: TimeSeriesService;
     users: UserService;
+    vault: VaultService;
     /**
      * @deprecated use "assets" instead
      */

package/dist/api.js

@@ -18,6 +18,7 @@ const flow_function_service_1 = require("./flow-function.service");
 const flow_module_service_1 = require("./flow-module.service");
 const flow_deployment_service_1 = require("./flow-deployment.service");
 const label_service_1 = require("./label.service");
+const vault_service_1 = require("./vault.service");
 class API {
     constructor() {
         const normalizePath = (value = '', defaultValue = '') => value.replace(/(?:^\/+)|(?:\/+$)/g, '') || defaultValue;
@@ -51,6 +52,7 @@ class API {
         this.tasks = new task_service_1.TaskService(this.httpClient);
         this.timeSeries = new timeseries_service_1.TimeSeriesService(this.httpClient);
         this.users = new user_service_1.UserService(this.httpClient);
+        this.vault = new vault_service_1.VaultService(this.httpClient);
         this.assetManager = this.assets;
         this.contentManager = this.contents;
         this.endpointManager = this.endpoints;

package/dist/flow-deployment.service.d.ts

@@ -27,7 +27,7 @@ export declare class FlowDeploymentService extends BaseService {
         readWritePermissions?: string[];
         tags?: string[];
     }): Promise<FlowDeployment>;
-    subscribeToStatus(id: string, listener: (event: MessageEvent<any>) => void, errorListener?: (event: MessageEvent) => void): Promise<string>;
-    subscribeToLogs(id: string, listener: (event: MessageEvent<any>) => void, errorListener?: (event: MessageEvent) => void): Promise<string>;
+    subscribeToStatus(id: string, listener: (event: MessageEvent<any>) => void, errorListener?: (event: MessageEvent) => void): Promise<any>;
+    subscribeToLogs(id: string, listener: (event: MessageEvent<any>) => void, errorListener?: (event: MessageEvent) => void): Promise<any>;
 }
 export {};

package/dist/http.service.d.ts

@@ -7,8 +7,8 @@ export declare class HttpClient {
     private readonly clientId;
     private readonly clientSecret;
     private readonly axiosInstance;
+    private readonly authAxiosInstance;
     private readonly requestQueue;
-    private client;
     private tokenSet;
     eventSourcesMap: Map<string, {
         eventSource: EventSource;
@@ -27,8 +27,11 @@ export declare class HttpClient {
     post: <T>(url: string, data: any, config?: AxiosRequestConfig) => Promise<T>;
     put: <T>(url: string, data: any, config?: AxiosRequestConfig) => Promise<T>;
     private request;
-    addEventSource(url: string, listener: (event: MessageEvent) => void, errorListener?: (event: MessageEvent) => void): Promise<string>;
+    addEventSource(url: string, listener: (event: MessageEvent) => void, errorListener?: (event: MessageEvent) => void): Promise<any>;
     destroyEventSource(id: string): void;
     destroyAllEventSources(): void;
     getAccessToken: () => Promise<string>;
+    private validateIssuer;
+    private discoverIssuer;
+    private requestAccessToken;
 }

package/dist/http.service.js

@@ -4,9 +4,11 @@ exports.HttpClient = void 0;
 const tslib_1 = require("tslib");
 const axios_1 = tslib_1.__importDefault(require("axios"));
 const eventsource_1 = tslib_1.__importDefault(require("eventsource"));
-const openid_client_1 = require("openid-client");
+const uuid_1 = require("uuid");
+const jose_1 = require("jose");
 const Queue_1 = require("./Queue");
-const crypto_1 = require("crypto");
+const token_set_1 = require("./token-set");
+const querystring_1 = require("querystring");
 const TOKEN_EXPIRATION_BUFFER = 30;
 class HttpClient {
     constructor(baseURL, authBaseURL, realm, clientId, clientSecret) {
@@ -33,25 +35,17 @@ class HttpClient {
             }));
         };
         this.getAccessToken = async () => {
-            var _a;
-            if (!((_a = this.client) === null || _a === void 0 ? void 0 : _a.issuer)) {
-                const authIssuer = await openid_client_1.Issuer.discover(`${this.authBaseURL}/realms/${this.realm}/`);
-                this.client = await new authIssuer.Client({
-                    client_id: this.clientId,
-                    client_secret: this.clientSecret,
-                    token_endpoint_auth_method: 'client_secret_jwt',
-                });
-            }
-            if (!this.tokenSet || this.tokenSet.expired() || this.tokenSet.expires_at < Date.now() / 1000 + TOKEN_EXPIRATION_BUFFER) {
-                this.tokenSet = await this.client.grant({ grant_type: 'client_credentials' });
+            if (!this.tokenSet || this.tokenSet.expired() || this.tokenSet.expiresAt < Date.now() / 1000 + TOKEN_EXPIRATION_BUFFER) {
+                return this.requestAccessToken();
             }
             return this.tokenSet.access_token;
         };
         this.axiosInstance = axios_1.default.create({ baseURL, timeout: 60000 });
+        this.authAxiosInstance = axios_1.default.create({ baseURL: authBaseURL || baseURL, timeout: 10000 });
         this.requestQueue = new Queue_1.Queue({ concurrency: 1, timeout: 70000, throwOnTimeout: true });
     }
     async addEventSource(url, listener, errorListener) {
-        const id = (0, crypto_1.randomUUID)();
+        const id = (0, uuid_1.v4)();
         const errListener = errorListener
             ? errorListener
             : (event) => {
@@ -80,5 +74,60 @@ class HttpClient {
             this.destroyEventSource(key);
         }
     }
+    validateIssuer(issuer) {
+        var _a, _b;
+        if (!issuer.issuer ||
+            !((_a = issuer.grant_types_supported) === null || _a === void 0 ? void 0 : _a.includes('client_credentials')) ||
+            !((_b = issuer.token_endpoint_auth_methods_supported) === null || _b === void 0 ? void 0 : _b.includes('client_secret_jwt'))) {
+            throw new Error('Issuer does not support client_secret_jwt');
+        }
+        return issuer;
+    }
+    async discoverIssuer(uri) {
+        const wellKnownUri = `${uri}/.well-known/openid-configuration`;
+        const issuerResponse = await this.authAxiosInstance.get(wellKnownUri, {
+            responseType: 'json',
+            headers: { Accept: 'application/json' },
+        });
+        return this.validateIssuer(issuerResponse.data);
+    }
+    async requestAccessToken() {
+        var _a, _b;
+        const issuer = await this.discoverIssuer(`${this.authBaseURL}/realms/${this.realm}`);
+        const timestamp = Date.now() / 1000;
+        const audience = [...new Set([issuer.issuer, issuer.token_endpoint].filter(Boolean))];
+        const assertionPayload = {
+            iat: timestamp,
+            exp: timestamp + 60,
+            jti: (0, uuid_1.v4)(),
+            iss: this.clientId,
+            sub: this.clientId,
+            aud: audience,
+        };
+        const supportedAlgos = issuer.token_endpoint_auth_signing_alg_values_supported;
+        const alg = (_a = issuer.token_endpoint_auth_signing_alg) !== null && _a !== void 0 ? _a : (Array.isArray(supportedAlgos) && supportedAlgos.find((signAlg) => /^HS(?:256|384|512)/.test(signAlg)));
+        if (!alg) {
+            throw new Error('Issuer has to support HS256, HS384 or HS512');
+        }
+        const assertion = await new jose_1.CompactSign(Buffer.from(JSON.stringify(assertionPayload)))
+            .setProtectedHeader({ alg })
+            .sign(new TextEncoder().encode(this.clientSecret));
+        const opts = {
+            client_id: this.clientId,
+            client_assertion: assertion,
+            client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+            grant_type: 'client_credentials',
+        };
+        const authResponse = await this.authAxiosInstance.post(issuer.token_endpoint, (0, querystring_1.stringify)(opts), {
+            headers: { Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
+        });
+        if (((_b = authResponse === null || authResponse === void 0 ? void 0 : authResponse.data) === null || _b === void 0 ? void 0 : _b.access_token) && authResponse.data.expires_in) {
+            this.tokenSet = new token_set_1.TokenSet(authResponse.data.access_token, authResponse.data.expires_in);
+            return authResponse.data.access_token;
+        }
+        else {
+            throw new Error('Invalid access token received');
+        }
+    }
 }
 exports.HttpClient = HttpClient;

package/dist/index.d.ts

@@ -16,4 +16,5 @@ export * from './flow-function.interface';
 export * from './flow.interface';
 export * from './resource.interface';
 export * from './schema.interface';
+export * from './vault.interface';
 export * as SiDrive from './sidriveiq.interface';

package/dist/index.js

@@ -20,4 +20,5 @@ tslib_1.__exportStar(require("./flow-function.interface"), exports);
 tslib_1.__exportStar(require("./flow.interface"), exports);
 tslib_1.__exportStar(require("./resource.interface"), exports);
 tslib_1.__exportStar(require("./schema.interface"), exports);
+tslib_1.__exportStar(require("./vault.interface"), exports);
 exports.SiDrive = tslib_1.__importStar(require("./sidriveiq.interface"));

package/dist/mock/api.mock.d.ts

@@ -26,6 +26,8 @@ import { FlowModule } from '../flow-module.interface';
 import { Artifact } from '../storage.interface';
 import { LabelMockService } from './label.mock.service';
 import { Label } from '../label.interface';
+import { VaultSecret } from '../vault.interface';
+import { VaultMockService } from './vault.mock.service';
 export declare class MockAPI implements API {
     httpClient: any;
     assets: AssetMockService;
@@ -43,6 +45,7 @@ export declare class MockAPI implements API {
     tasks: TaskMockService;
     timeSeries: TimeseriesMockService;
     users: UserMockService;
+    vault: VaultMockService;
     assetManager: AssetMockService;
     contentManager: ContentMockService;
     endpointManager: EndpointMockService;
@@ -70,6 +73,7 @@ export declare class MockAPI implements API {
         modules?: FlowModuleInit[];
         diagrams?: FlowDiagramInit[];
         labels?: LabelInit[];
+        vault?: VaultSecretInit[];
     });
 }
 export declare type Identity<T> = {
@@ -104,6 +108,7 @@ export declare type ArtifactInit = AtLeast<Artifact & {
 }, 'filename' | 'path'>;
 export declare type FlowDiagramInit = AtLeast<FlowDiagram, 'id' | 'flow'>;
 export declare type LabelInit = AtLeast<Label, 'id' | 'name'>;
+export declare type VaultSecretInit = AtLeast<VaultSecret, 'name' | 'secret'>;
 export interface UserInit {
     roles: string[];
 }

package/dist/mock/api.mock.js

@@ -17,12 +17,13 @@ const flow_functions_mock_service_1 = require("./flow-functions.mock.service");
 const flow_modules_mock_service_1 = require("./flow-modules.mock.service");
 const crypto_1 = require("crypto");
 const label_mock_service_1 = require("./label.mock.service");
+const vault_mock_service_1 = require("./vault.mock.service");
 class MockAPI {
     constructor(initData) {
         this.httpClient = null;
         this.proxy = null;
         this.siDrive = null;
-        const { assets = [], assetRevisions = [], contents = [], endpoints = [], secrets = [], timeSeries = [], tasks = [], events = [], users, flows = [], flowRevisions = [], deployments = [], functions = [], functionRevisions = [], modules = [], diagrams = [], labels = [], } = initData;
+        const { assets = [], assetRevisions = [], contents = [], endpoints = [], secrets = [], timeSeries = [], tasks = [], events = [], users, flows = [], flowRevisions = [], deployments = [], functions = [], functionRevisions = [], modules = [], diagrams = [], labels = [], vault = [], } = initData;
         const assetTypes = assets
             .map((v) => v.type)
             .map((v) => {
@@ -111,6 +112,7 @@ class MockAPI {
             return (Object.assign(Object.assign({}, v), { artifacts: (_a = modules[index].artifacts.map((art) => (Object.assign(Object.assign({}, art), { version: '0.0.0', id: (0, crypto_1.randomUUID)(), mimetype: '', size: 0, createdAt: '' + Date.now() })))) !== null && _a !== void 0 ? _a : [], author: 'nobody', functions: [], readPermissions: [], readWritePermissions: [] }));
         });
         const labels1 = labels.map((label) => (Object.assign(Object.assign({}, label), { color: '', description: '', readPermissions: [], readWritePermissions: [] })));
+        const vaultSecrets1 = vault.map((v) => (Object.assign(Object.assign({}, v), { readPermissions: [], readWritePermissions: [] })));
         this.assets = new asset_mock_service_1.AssetMockService(this, assets1, assetRevisions1);
         this.contents = new content_mock_service_1.ContentMockService(contents1, contentData);
         this.endpoints = new endpoint_mock_service_1.EndpointMockService(endpoint1);
@@ -124,6 +126,7 @@ class MockAPI {
         this.flowFunctions = new flow_functions_mock_service_1.FlowFunctionsMockService(functions1, functionRevisions1);
         this.flowModules = new flow_modules_mock_service_1.FlowModulesMockService(modules1);
         this.labels = new label_mock_service_1.LabelMockService(labels1);
+        this.vault = new vault_mock_service_1.VaultMockService(vaultSecrets1);
         this.assetManager = this.assets;
         this.contentManager = this.contents;
         this.endpointManager = this.endpoints;

package/dist/mock/data.mock.service.d.ts

@@ -9,6 +9,8 @@ export declare class DataMockService<T> extends DataService<T> implements APIBas
     deleteOne(id: string): Promise<any>;
     getMany(params?: RequestParameter): Promise<Paginated<T[]>>;
     getManyFiltered(filter: Filter, params?: RequestParameter): Promise<Paginated<T[]>>;
-    getOne(id: string, options?: any): Promise<T>;
+    getOne(id: string, options?: Record<string, any> & {
+        idKey?: string;
+    }): Promise<T>;
     updateOne(id: string, dto: any): Promise<T>;
 }

package/dist/mock/data.mock.service.js

@@ -40,8 +40,9 @@ class DataMockService extends data_service_1.DataService {
         };
         return Promise.resolve(page);
     }
-    getOne(id, options) {
-        const t = this.data.find((v) => v.id === id);
+    getOne(id, options = {}) {
+        const idKey = options.idKey || 'id';
+        const t = this.data.find((v) => v[idKey] === id);
         return Promise.resolve(t);
     }
     async updateOne(id, dto) {

package/dist/mock/index.d.ts

@@ -7,3 +7,4 @@ export * from './secret.mock.service';
 export * from './timeseries.mock.service';
 export * from './task.mock.service';
 export * from './events.mock.service';
+export * from './vault.mock.service';

package/dist/mock/index.js

@@ -10,3 +10,4 @@ tslib_1.__exportStar(require("./secret.mock.service"), exports);
 tslib_1.__exportStar(require("./timeseries.mock.service"), exports);
 tslib_1.__exportStar(require("./task.mock.service"), exports);
 tslib_1.__exportStar(require("./events.mock.service"), exports);
+tslib_1.__exportStar(require("./vault.mock.service"), exports);

package/dist/mock/vault.mock.service.d.ts

@@ -0,0 +1,7 @@
+import { DataMockService } from './data.mock.service';
+import { VaultSecret } from '../vault.interface';
+import { VaultService } from '../vault.service';
+export declare class VaultMockService extends DataMockService<VaultSecret> implements VaultService {
+    constructor(secrets: VaultSecret[]);
+    getSecret(name: string, version?: number): Promise<string>;
+}

package/dist/mock/vault.mock.service.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultMockService = void 0;
+const data_mock_service_1 = require("./data.mock.service");
+class VaultMockService extends data_mock_service_1.DataMockService {
+    constructor(secrets) {
+        super();
+        this.data = secrets;
+    }
+    getSecret(name, version) {
+        const vaultSecret = this.data.find((v) => v.name === name);
+        if (version && vaultSecret.version !== version) {
+            return Promise.resolve('');
+        }
+        return Promise.resolve(vaultSecret.secret);
+    }
+}
+exports.VaultMockService = VaultMockService;

package/dist/token-set.d.ts

@@ -0,0 +1,8 @@
+export declare class TokenSet {
+    expiresAt: number;
+    access_token: string;
+    constructor(access_token: string, expires_in: number);
+    set expires_in(value: number);
+    get expires_in(): number;
+    expired(): boolean;
+}

package/dist/token-set.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenSet = void 0;
+class TokenSet {
+    constructor(access_token, expires_in) {
+        this.expires_in = expires_in;
+        this.access_token = access_token;
+    }
+    set expires_in(value) {
+        this.expiresAt = Date.now() + Number(value);
+    }
+    get expires_in() {
+        return Math.max(this.expiresAt - Date.now(), 0);
+    }
+    expired() {
+        return this.expires_in === 0;
+    }
+}
+exports.TokenSet = TokenSet;

package/dist/vault.interface.d.ts

@@ -0,0 +1,10 @@
+export interface VaultSecret {
+    id?: string;
+    name: string;
+    secret?: string;
+    tags?: string[];
+    version?: number;
+    readPermissions: string[];
+    readWritePermissions: string[];
+    updatedAt?: string;
+}

package/dist/vault.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/vault.service.d.ts

@@ -0,0 +1,7 @@
+import { DataService } from './data.service';
+import { VaultSecret } from './vault.interface';
+import { HttpClient } from './http.service';
+export declare class VaultService extends DataService<VaultSecret> {
+    constructor(httpClient: HttpClient);
+    getSecret(name: string, version?: number): Promise<string>;
+}

package/dist/vault.service.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultService = void 0;
+const data_service_1 = require("./data.service");
+class VaultService extends data_service_1.DataService {
+    constructor(httpClient) {
+        super(httpClient, '/vault');
+    }
+    getSecret(name, version) {
+        const params = version ? { version } : {};
+        return this.httpClient.get(`${this.basePath}/${name}/secret`, { params });
+    }
+}
+exports.VaultService = VaultService;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hahnpro/hpc-api",
-  "version": "3.4.2",
+  "version": "3.5.0",
   "description": "Module for easy access to the HahnPRO API",
   "license": "MIT",
   "author": {
@@ -27,15 +27,15 @@
     "axios": "~0.27.2",
     "eventsource": "^2.0.2",
     "form-data": "^4.0.0",
+    "jose": "^4.9.0",
     "jwt-decode": "^3.1.2",
-    "openid-client": "^5.1.8",
     "p-queue": "^6.6.2",
-    "ts-mixer": "^6.0.1"
+    "ts-mixer": "^6.0.1",
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
     "@types/eventsource": "^1.1.9",
-    "axios-mock-adapter": "^1.21.2",
-    "nock": "^13.2.9"
+    "axios-mock-adapter": "^1.21.2"
   },
   "engines": {
     "node": ">=v14.13"